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CLAIMS 

WHAT IS CLAIMED IS: 

1 1 . A method for automatically directing network connections based on 

2 access rights possessed by a user of a wireless terminal, the method comprising: 

3 receiving a certificate, having security information indicative of the 

4 access rights possessed by the user, from the wireless terminal; 

5 determining whether the received certificate corresponds to a service 

6 provider authentication certificate which identifies access rights for a targeted 
□ 7 service; 

8 directing the network connection to the targeted service if the received 

fy 9 certificate corresponds to the service provider authentication certificate; and 
m 1 0 directing the network connection to an enrollment module to register 

+: 1 1 for the service provider authentication certificate, if the received certificate does not 

% 1 2 correspond to the service provider authentication certificate. 

CI 1 2. The method of Claim 1 , further comprising providing a list of one or 

S 2 more available predetermined certificates to the wireless terminal. 

1 3. The method of Claim 2, further comprising providing the list of 

2 available predetermined certificates to the wireless terminal in a predetermined 

3 order in which selection at the wireless terminal is to be effected. 

1 4. The method of Claim 3, further comprising selecting, at the wireless 

2 terminal, a locally-stored certificate corresponding to the highest order 

3 predetermined certificate that matches the locally-stored certificate. 

1 5. The method of Claim 4, further comprising establishing the network 

2 connection using the selected locally-stored certificate, wherein the selected 

3 certificate is the certificate received from the wireless terminal having security 

4 information indicative of the access rights possessed by the user. 

Page 30 

ALG 552.1 14US01 
Nokia NC 16073 US 
Patent Application 



31 



1 6. The method of Claim 3, further comprising allowing the wireless 

2 terminal to establish the network connection utilizing a locally-stored certificate 

3 corresponding to the predetermined certificate that is highest in the predetermined 

4 order that matches the locally-stored certificate. 

1 7. The method of Claim 1 , wherein receiving a certificate comprises 

2 receiving the certificate via a client certificate message issued by the wireless 

3 terminal. 

1 8. The method of Claim 1 , further comprising enrolling the user with the 

Q 2 targeted service via the enrollment module when the network connection is directed 

% 3 to the enrollment module. 

"jjj 1 9. The method of Claim 8, further comprising providing the service 

+! 2 provider authentication certificate back to the wireless terminal in response to 

2 3 enrolling the user with the targeted service. 

p 1 10. The method of Claim 1 , wherein the access rights possessed by the 

i % % 

3 2 user are stored as local certificates on a Wireless Identity Module (WIM). 

1 11. The method of Claim 1 , further comprising supplying the wireless 

2 terminal with a list of available authentication certificates from which the wireless 

3 terminal may use to establish the connection. 

1 12. The method of Claim 1 1 , further comprising supplying the wireless 

2 terminal with the list of available authentication certificates in a preferred order from 

3 which the wireless terminal must utilize a highest preference authentication 

4 certificate possessed at the wireless terminal in establishing the connection. 

1 13. The method of Claim 12, wherein the highest preference 

2 authentication certificate listed is the service provider authentication certificate. 
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1 14. The method of Claim 1 1 , wherein determining whether the received 

2 certificate corresponds to a service provider authentication certificate comprises 

3 comparing the received certificate to the list of available authentication certificates. 

1 15. The method of Claim 1 , wherein determining whether the received 

2 certificate corresponds to a service provider authentication certificate comprises 

3 comparing the received certificate to the service provider authentication certificate. 

1 1 6. A system for managing access and enrollment for a secure service 

2 available to a user via a wireless terminal, comprising: 

Q3 a service module from which a service provider avails the secure 

J 4 service to the user of the wireless terminal; 

5 5 an enrollment manager to effect user registration to the secure service; 

'$ 6 and 

S 7 a switch module coupled to receive a security certificate utilized by the 

^ 8 wireless terminal in establishing a connection therewith, wherein the switch module 

a 9 directs the connection to either the service module or the enrollment manager 

Ji 1 0 depending on the security certificate utilized in establishing the connection. 

o 

^ 1 1 7. The system as in Claim 1 6, wherein the switch module determines 

2 which security certificate is utilized in establishing the connection, and directs the 

3 connection to either the service module or the enrollment manager depending on 

4 the utilized security certificate. 

1 1 8. The system as in Claim 1 7, wherein the security certificate is digitally 

2 signed by the service provider indicating that the user is registered with the service 

3 provider for use of the secure service, thereby directing the connection to the 

4 service module. 

1 19. The system as in Claim 17, wherein the security certificate is not 

2 digitally signed by the service provider, indicating that the user is not registered with 
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3 the service provider for use of the secure service, thereby directing the connection 

4 to the enrollment manager. 

1 20. The system as in Claim 17, wherein the security certificate is digitally 

2 signed by a trusted authority that is trusted by the service provider, indicating that 

3 the user may obtain registration through the trusted authority, thereby directing the 

4 connection to the enrollment manager. 

1 21 . The system as in Claim 1 6, wherein the security certificate comprises 

2 an authentication certificate. 

A 1 22. The system as in Claim 21 , wherein the authentication certificate 

jf; 2 comprises at least one of an identity verification authentication certificate, an 

=P 3 authorization certificate, and a non-repudiation certificate. 

Q 

^ 1 23. The system as in Claim 1 6, wherein the switch module comprises a list 

m 2 of potential authentication certificates listed in a preferred order of use, and wherein 

{H 3 the switch module provides the list of potential authentication certificates to the 

O 4 wireless terminal to allow the wireless terminal to establish the connection using a 

5 highest order authentication certificate in accordance with the preferred order of 

6 use. 



1 24. The system as in Claim 23, wherein the switch comprises a compare 

2 module to compare at least one of the predetermined authentication certificates to 

3 the authentication certificate used by the wireless terminal. 

1 25. The system as in Claim 24, wherein: 

2 (a) the compare module compares a service provider's authentication 

3 certificate to the authentication certificate used by the wireless terminal in 

4 establishing the connection; 

5 (b) if a match is found, the switch module directs the user to the 

6 service module to use the secure service; and 
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7 (c) if a match is not found, the switch module directs the user to the 

8 enrollment manager to effect user registration to the secure service. 

1 26. The system as in Claim 24, wherein: 

2 (a) the compare module compares each of the predetermined 

3 authentication certificates to the authentication certificate used by the wireless 

4 terminal; and 

5 (b) the switch module directs the user to the service module or the 

6 enrollment manager depending on the results of the comparison. 

*2 1 27 - The system as in Claim 16, wherein the enrollment manager is 

ry 2 configured to issue authentication certificates upon successful registration, including 

% 3 the service provider authentication certificate required for use with the secure 

45 4 service. 

O 1 28. A system for managing user access and enrollment for a secure 

O 2 service available on a network, comprising: 

% 3 a wireless network including a plurality of wireless terminals operable 

H 4 therein; 

5 a network of computing systems wherein at least one of the computing 

6 systems comprises a server computing system hosting a secure service targeted by 

7 at least one of the wireless terminals, and wherein at least one of the computing 

8 systems comprises an enrollment server to effect user registration to the secure 

9 service; 

1 0 a gateway computing system configured to bridge communications 

1 1 between the wireless network and the network of computing systems; and 

1 2 a network switch coupled to receive an authentication certificate 

1 3 utilized by a wireless terminal in establishing a connection with the network of 

1 4 computing systems, wherein the network switch switches the connection to the 

1 5 server computing system or the enrollment server depending on the authentication 

1 6 certificate utilized by the wireless terminal in establishing the connection. 

Page 34 

ALG 552.1 14US01 
Nokia NC 16073 US 
Patent Application 



35 



1 29. The system as in Claim 28, wherein the gateway computing system 

2 comprises a Wireless Application Protocol (WAP) gateway, and at least the wireless 

3 terminal establishing the connection with the network of computing systems 

4 comprises a WAP-compliant terminal. 

1 30. The system as in Claim 29, wherein the WAP-compliant terminal 

2 comprises one of a wireless telephone, personal digital assistant, wireless pager, 

3 and wireless laptop computer. 

1 31 . The system as in Claim 28, wherein the network of computing systems 

J 2 comprises the Internet, and wherein the Wireless Application Protocol (WAP) is 

jO 3 used to communicate between the wireless terminal and the Internet. 

% 1 32. A system for automatically routing network connections based on 

O 2 access rights possessed by a user of a wireless terminal, comprising: 

q 3 means for receiving a certificate, having security information indicative 

2 4 of the access rights possessed by the user, from the wireless terminal; 

m 5 means for determining whether the received certificate corresponds to 

g 6 a service provider authentication certificate which identifies access rights for a 

7 targeted service; and 

8 means for directing the network connection to the targeted service if 



9 the received certificate corresponds to the service provider authentication certificate, 

1 0 and for directing the network connection to an enrollment module to register for the 

1 1 service provider authentication certificate if the received certificate does not 

12 correspond to the service provider authentication certificate. 



1 33. A computer-readable program storage medium tangibly embodying a 

2 program of instructions executable by a computing system to manage user access 

3 and enrollment for secure network services by performing steps comprising: 

4 receiving a certificate, having security information indicative of the 

5 access rights possessed by the user, from the wireless terminal; 
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6 determining whether the received certificate corresponds to a service 

7 provider authentication certificate which identifies access rights for a targeted 

8 service; 

9 directing the network connection to the targeted service if the received 

1 0 certificate corresponds to the service provider authentication certificate; and 

1 1 directing the network connection to an enrollment module to register 

12 for the service provider authentication certificate, if the received certificate does not 

1 3 correspond to the service provider authentication certificate. 



m 
O 
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